Create separate role for SSH and Vagrant

- Added a separate role that first configures SSH, and after that gathers the ansible_virtualization_role fact, due to gathering facts requiring an SSH connection - Renamed ssl_certs_enabled to letsencrypt_enabled and moved that and the vagrant variable to the be supplied directly to the last two roles in playbook.yml - Added tags base_only and setup_services to the new role ssh_and_vagrant so that it will always be run before anything else when using deploy.sh
2022-11-16 20:31:44 +01:00 · 2022-11-16 20:31:44 +01:00 · 57ca1e9233
parent 253a21432e
commit 57ca1e9233
9 changed files with 27 additions and 13 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -1,15 +1,12 @@
 ---
 - hosts: all
-  gather_facts: true
+  gather_facts: false
  become: true
  vars:
    base_domain: data.coop
    letsencrypt_email: admin@data.coop
    ldap_dn: "dc=data,dc=coop"
    vagrant: "{{ ansible_virtualization_role == 'guest' }}"
    ssl_certs_enabled: "{{ vagrant == false }}"
    services:
      - nginx-proxy
      - postfix
@ -36,9 +33,19 @@
    smtp_port: "587"
  tasks:
    - import_role:
        name: ssh_and_vagrant
      tags:
        - base_only
        - setup_services
    - import_role:
        name: ubuntu_base
      vars:
        vagrant: "{{ ansible_virtualization_role == 'guest' }}"
      tags:
        - base_only
    - import_role:
        name: docker
      vars:
        vagrant: "{{ ansible_virtualization_role == 'guest' }}"
        letsencrypt_enabled: "{{ not vagrant }}"
--- a/roles/docker/tasks/services/mailu.yml
+++ b/roles/docker/tasks/services/mailu.yml
@ -28,7 +28,7 @@
    dest: "{{ mailu.volume_folder }}/certs/cert.pem"
    state: hard
    force: yes
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
 - name: hard link to Let's Encrypt TLS key
  file:
@ -36,7 +36,7 @@
    dest: "{{ mailu.volume_folder }}/certs/key.pem"
    state: hard
    force: yes
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
 - name: run mail server containers
  docker_compose:
--- a/roles/docker/tasks/services/nginx-proxy.yml
+++ b/roles/docker/tasks/services/nginx-proxy.yml
@ -44,5 +44,5 @@
      - /var/run/docker.sock:/var/run/docker.sock:ro
    env:
      NGINX_PROXY_CONTAINER: nginx-proxy
-  when: ssl_certs_enabled
+  when: letsencrypt_enabled
--- a/roles/ssh_and_vagrant/handlers/main.yml
+++ b/roles/ssh_and_vagrant/handlers/main.yml
--- a/roles/ssh_and_vagrant/tasks/main.yml
+++ b/roles/ssh_and_vagrant/tasks/main.yml
@ -0,0 +1,5 @@
 ---
 - import_tasks: ssh-port.yml
  tags: [change-ssh-port]
 - import_tasks: virtualization.yml
  tags: [gather-virtualization-facts]
--- a/roles/ssh_and_vagrant/tasks/ssh-port.yml
+++ b/roles/ssh_and_vagrant/tasks/ssh-port.yml
@ -11,7 +11,7 @@
  ignore_errors: true
  register: ssh_configured
-# If we're running in Vagrant, ansible_port is 2222
+# If running in Vagrant, ansible_port is always 2222
 - name: Change Ansible port to 22 if needed
  set_fact:
    ansible_port: 22
@ -22,7 +22,7 @@
 - name: Change SSH port on host
  lineinfile:
    dest: "/etc/ssh/sshd_config"
-    regexp: "^#?Port"
+    regexp: "^#?Port "
    line: "Port 19022"
  register: ssh_changed
  notify: "Restart sshd"
--- a/roles/ssh_and_vagrant/tasks/virtualization.yml
+++ b/roles/ssh_and_vagrant/tasks/virtualization.yml
@ -0,0 +1,4 @@
 ---
 - name: Determine if running in Vagrant
  setup:
    gather_subset: virtualization_role
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@ -13,7 +13,7 @@
 - name: Install Dell OpenManage
  apt:
    name: srvadmin-all
-  when: ansible_virtualization_role != "guest"
+  when: not vagrant
 - name: Install necessary packages via pip
  pip:
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@ -1,9 +1,7 @@
 ---
 - import_tasks: ssh-port.yml
  tags: [change-ssh-port]
 - import_tasks: dell-apt-repo.yml
  tags: [setup-dell-apt-repo]
-  when: vagrant == false
+  when: not vagrant
 - import_tasks: upgrade.yml
  tags: [do-full-system-upgrade]
 - import_tasks: base.yml